CVE-2024-26971

5.5 MEDIUM

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's Qualcomm GCC IPQ5018 clock driver. Missing termination in frequency table arrays could allow attackers to read kernel memory beyond the array boundaries. This affects Linux systems using the affected Qualcomm IPQ5018 clock driver.
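An added illustration of the bug class named above (not the kernel's code and not part of the advisory): a lookup that walks a frequency table until it meets an empty element has no stopping point when that element is missing. The struct, table contents and function names are hypothetical, and the walk is capped at the real array length so the demo itself never reads out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified frequency-table entry; not the kernel's struct. */
struct freq_entry {
    unsigned long freq;     /* 0 marks the end of the table */
    unsigned int src;
    unsigned int pre_div;
};
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample tables: same rates, without and with the terminator. */
static const struct freq_entry tbl_unterminated[] = {
    { 24000000, 0, 1 },
    { 100000000, 1, 8 },
};
static const struct freq_entry tbl_terminated[] = {
    { 24000000, 0, 1 },
    { 100000000, 1, 8 },
    { 0, 0, 0 },            /* empty element that stops the walk */
};

/* Review/test-time check: is the last element the empty terminator? */
static int has_terminator(const struct freq_entry *t, size_t len)
{
    return len > 0 && t[len - 1].freq == 0;
}

/* Sentinel-style lookup, capped at len. Returns the index of the first entry
 * with freq >= rate, the fastest entry if the terminator is reached, or -1
 * where an uncapped walk would have run past the end of the array. */
static int find_freq_checked(const struct freq_entry *t, size_t len,
                             unsigned long rate)
{
    size_t i;
    for (i = 0; i < len && t[i].freq; i++)
        if (rate <= t[i].freq)
            return (int)i;
    if (i == len)
        return -1;                  /* no terminator seen */
    return i ? (int)i - 1 : 0;      /* terminator hit: fall back to fastest */
}

int main(void)
{
    printf("%d %d\n",
           find_freq_checked(tbl_unterminated, ARRAY_LEN(tbl_unterminated), 200000000UL),
           find_freq_checked(tbl_terminated, ARRAY_LEN(tbl_terminated), 200000000UL));
    return 0;
}
```

In this model the unterminated table still answers correctly for any rate at or below its highest entry, so the defect only surfaces when a higher rate is requested.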

💻 Affected Systems

Products:
  • Linux kernel with Qualcomm GCC IPQ5018 clock driver
Versions: Linux kernel versions containing the vulnerable driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects systems using Qualcomm IPQ5018-based hardware with the vulnerable clock driver enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or system instability/crash.

🟠

Likely Case

Information disclosure of kernel memory contents, potentially revealing sensitive data or memory addresses that could aid further exploitation.

🟢

If Mitigated

Limited impact with proper kernel hardening and memory protection mechanisms in place.

🌐 Internet-Facing: LOW - Requires local access or ability to interact with kernel driver interfaces.
🏢 Internal Only: MEDIUM - Local attackers could potentially exploit this to gain information about kernel memory layout.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to interact with the clock driver interface. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing the fix commits: 50c3acd460551cdf9d8ac6fe0c04f2de0e8e0872, 90ad946fff70f312b8d23226afc38c13ddd88c4b, b0cf3d200e8a72b6d28e6e088c062b4a98cb5eaf, c8f4bef0667947b826848db1c45a645f751357c1

Vendor Advisory: https://git.kernel.org/stable/c/50c3acd460551cdf9d8ac6fe0c04f2de0e8e0872

Restart Required: Yes

Instructions:

1. Update to a Linux kernel version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable vulnerable driver module

linux

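Blacklist or disable the gcc-ipq5018 module if not required. This only applies when the driver is built as a loadable module; a driver built into the kernel image cannot be blacklisted or unloaded this way.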

echo 'blacklist gcc-ipq5018' >> /etc/modprobe.d/blacklist.conf
rmmod gcc-ipq5018

🧯 If You Can't Patch

  • Restrict local user access to systems using vulnerable hardware
  • Implement strict access controls and monitoring for kernel module interactions

🔍 How to Verify

Check if Vulnerable:

Check whether the system uses Qualcomm IPQ5018 hardware and has the vulnerable driver loaded (lsmod lists module names with underscores, so search for gcc_ipq5018): lsmod | grep gcc_ipq5018

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits or verify driver version after update

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Driver-related errors in dmesg
  • Unexpected memory access patterns

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic or oops messages containing 'gcc-ipq5018' or 'out of bounds'
